Security Event 4733 help sentinel Log analytic work space

HUI ACE 186 Reputation points

Hi community experts!

I had trouble with the following issue. we have connected security events via OMS agent to Log analytic workspace. but we found something really interesting.

for security event log 4733, which is a user is removed from the AD, in the event viewer you can see the account name that is being removed! but in the LAW

we can not see the account that is being removed. we belived we have found similar issue.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
922 questions
{count} votes